Glossary
Business email compromise (BEC)
A fraud that uses a hijacked or spoofed email account to trick someone into wiring money or changing payment details. No malware required.
Business email compromise, or BEC, is wire fraud dressed up as a normal email. An attacker gets into a mailbox, watches the conversations, then slips in a request to change bank details on a real invoice or pushes an urgent payment that looks like it came from the CEO. There is no payload for antivirus to catch, which is the whole point.
The FBI's IC3 ranks it among the costliest crime categories every year. Multi-factor authentication helps against the account-takeover variant but does not cover the spoofing variant, where the message never passes through the real mailbox at all. The real fix is an out-of-band rule for verifying payments.
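Because there is no payload to scan, detection has to look at who the message claims to be from and what it asks for. The following Python function is an added example, not code from this glossary or any vendor: it scores a single message for the indicators that both BEC variants leave behind (an executive's display name on an outside address, a Reply-To that diverges from the sender domain, a lookalike of the company domain, a claimed internal sender that failed DMARC/DKIM, and bank-detail-change language). The company domain, the executive directory and the two sample messages are constructed for the example.

```python
import re
from email.utils import parseaddr

# Constructed example data: a hypothetical company and its executive directory.
INTERNAL_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> real mailbox

# Phrases typical of a payment-redirection request.
PAYMENT_PATTERNS = [
    r"\b(?:change|update|new)\b.{0,40}\b(?:bank|account|wire|routing|iban)\b",
    r"\burgent\b.{0,40}\b(?:payment|transfer|wire)\b",
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bec_indicators(headers: dict, body: str) -> list:
    """Return the list of BEC risk indicators found in one message.

    headers: dict with 'From' and optionally 'Reply-To' and 'Authentication-Results'.
    An empty list means none of the indicators fired; it is not proof the mail is safe.
    """
    findings = []
    display, addr = parseaddr(headers.get("From", ""))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""

    # 1. Known executive's display name paired with a mailbox that is not theirs.
    expected = EXECUTIVES.get(display.strip().lower())
    if expected and addr != expected:
        findings.append(f"executive display name '{display}' used with address {addr}")

    # 2. Replies would go to a different domain than the one the mail claims to come from.
    _, reply_to = parseaddr(headers.get("Reply-To", ""))
    if reply_to and reply_to.lower().rsplit("@", 1)[-1] != domain:
        findings.append(f"Reply-To {reply_to} differs from sender domain {domain}")

    # 3. Sender domain is a near-miss of the company domain (spoofing variant).
    if domain and domain != INTERNAL_DOMAIN and edit_distance(domain, INTERNAL_DOMAIN) <= 2:
        findings.append(f"lookalike of {INTERNAL_DOMAIN}: {domain}")

    # 4. Claims to be internal but the receiving server recorded an authentication failure.
    auth = headers.get("Authentication-Results", "").lower()
    if domain == INTERNAL_DOMAIN and ("dmarc=fail" in auth or "dkim=fail" in auth):
        findings.append("internal sender domain with failed DMARC/DKIM")

    # 5. The ask itself: change where money goes, often with urgency.
    for pattern in PAYMENT_PATTERNS:
        if re.search(pattern, body, re.IGNORECASE | re.DOTALL):
            findings.append("payment or bank-detail change language")
            break
    return findings


# Constructed sample messages for demonstration.
SPOOFED_HEADERS = {
    "From": "Jane Doe <jane.doe@examp1e.com>",
    "Reply-To": "jane.ceo@mail-provider.test",
    "Authentication-Results": "spf=pass",
}
SPOOFED_BODY = ("Hi, urgent: please update our bank account details for invoice 4471 "
                "before the wire goes out today.")

LEGIT_HEADERS = {
    "From": "Jane Doe <jane.doe@example.com>",
    "Authentication-Results": "dmarc=pass dkim=pass",
}
LEGIT_BODY = "Attached is the agenda for Thursday."

if __name__ == "__main__":
    for label, hdrs, body in (("spoofed", SPOOFED_HEADERS, SPOOFED_BODY),
                              ("legit", LEGIT_HEADERS, LEGIT_BODY)):
        print(label, bec_indicators(hdrs, body))
```

Indicator 5 fires on genuine payment-change requests too, which is the point: it marks the messages that must go through the out-of-band verification rule rather than deciding on its own. The account-takeover variant defeats indicators 1 through 4 entirely, since the mail really does come from the executive's mailbox, so the procedural control is what catches it.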